forked from elastic/ecs
-
Notifications
You must be signed in to change notification settings - Fork 0
/
service.yml
169 lines (144 loc) · 6.34 KB
/
service.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
# Licensed to Elasticsearch B.V. under one or more contributor
# license agreements. See the NOTICE file distributed with
# this work for additional information regarding copyright
# ownership. Elasticsearch B.V. licenses this file to you under
# the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
---
- name: service
title: Service
group: 2
short: Fields describing the service for or from which the data was collected.
description: >
The service fields describe the service for or from which the data was collected.
These fields help you find and correlate logs for a specific
service and version.
footnote: >
The service fields may be self-nested under service.origin.* and service.target.*
to describe origin or target services in the context of incoming or outgoing requests,
respectively.
However, the fieldsets service.origin.* and service.target.* must not be confused with
the root service fieldset that is used to describe the actual service under observation.
The fieldset service.origin.* may only be used in the context of incoming requests or
events to describe the originating service of the request. The fieldset service.target.*
may only be used in the context of outgoing requests or events to describe the target
service of the request.
reusable:
top_level: true
expected:
- at: service
as: origin
beta: Reusing the `service` fields in this location is currently considered beta.
short_override: Describes the origin service in case of an incoming request or event.
- at: service
as: target
beta: Reusing the `service` fields in this location is currently considered beta.
short_override: Describes the target service in case of an outgoing request or event.
type: group
fields:
- name: environment
level: extended
type: keyword
short: Environment of the service.
beta: This field is beta and subject to change.
description: >
Identifies the environment where the service is running.
If the same service runs in different environments
(production, staging, QA, development, etc.), the environment
can identify other instances of the same service. Can also
group services and applications from the same environment.
example: production
- name: id
level: core
type: keyword
short: Unique identifier of the running service.
description: >
Unique identifier of the running service. If the service is comprised of
many nodes, the `service.id` should be the same for all nodes.
This id should uniquely identify the service. This makes it possible
to correlate logs and metrics for one specific service, no matter which
particular node emitted the event.
Note that if you need to see the events from one specific host of the
service, you should filter on that `host.name` or `host.id` instead.
example: d37e5ebfe0ae6c4972dbe9f0174a1637bb8247f6
- name: name
level: core
type: keyword
example: "elasticsearch-metrics"
short: Name of the service.
description: >
Name of the service data is collected from.
The name of the service is normally user given. This allows for
distributed services that run on multiple hosts to correlate the
related instances based on the name.
In the case of Elasticsearch the `service.name` could contain the cluster
name. For Beats the `service.name` is by default a copy of the `service.type`
field if no name is specified.
- name: node.name
level: extended
type: keyword
example: "instance-0000000016"
short: Name of the service node.
description: >
Name of a service node.
This allows for two nodes of the same service running on the same
host to be differentiated. Therefore, `service.node.name` should
typically be unique across nodes of a given service.
In the case of Elasticsearch, the `service.node.name` could contain
the unique node name within the Elasticsearch cluster.
In cases where the service doesn't have the concept of a node name,
the host name or container name can be used to distinguish running
instances that make up this service. If those do not provide uniqueness
(e.g. multiple instances of the service running on the same host) - the
node name can be manually set.
- name: type
level: core
type: keyword
example: "elasticsearch"
short: The type of the service.
description: >
The type of the service data is collected from.
The type can be used to group and correlate logs and metrics from one
service type.
Example: If logs or metrics are collected from Elasticsearch, `service.type` would be
`elasticsearch`.
- name: state
level: core
type: keyword
description: >
Current state of the service.
- name: version
level: core
type: keyword
example: "3.2.4"
short: Version of the service.
description: >
Version of the service the data was collected from.
This allows to look at a data set only for a specific version of a
service.
- name: ephemeral_id
level: extended
type: keyword
short: Ephemeral identifier of this service.
description: >
Ephemeral identifier of this service (if one exists).
This id normally changes across restarts, but `service.id` does not.
example: 8a4f500f
- name: address
level: extended
type: keyword
short: Address of this service.
description: >
Address where data about this service was collected from.
This should be a URI, network address (ipv4:port or [ipv6]:port) or a resource path (sockets).
example: 172.26.0.2:5432